Review Farm

By NHI Mgmt Group Updated June 12, 2026 Domain: Threats, Abuse & Incident Response

A review farm is a coordinated set of fake or low-trust identities used to generate ratings, comments, or endorsements at scale. In practice, it combines automation, account creation, and pattern repetition to make manipulated reputation appear organic and credible.

Expanded Definition

A review farm is not just a collection of fake accounts; it is an organised reputation-manipulation system that uses low-trust identities, repetitive content patterns, and often automation to distort what looks like genuine user sentiment. In NHI security, the term matters because the identities involved are usually created, rotated, and discarded at scale, making them harder to trace than a single fraudulent account.

Definitions vary across vendors and platforms, but the operational pattern is consistent: fabricated endorsements are made to look like organic trust signals. This overlaps with fraud, bot activity, and abuse of identity infrastructure, yet it is distinct because the goal is reputational influence rather than direct credential theft. The NIST Cybersecurity Framework 2.0 is relevant here because review farms expose weaknesses in the detect, respond, and recover functions when identity abuse is allowed to persist.

The most common misapplication is treating a review farm as simple spam, which occurs when platforms fail to distinguish coordinated identity abuse from isolated low-quality submissions.

Examples and Use Cases

Implementing detection and enforcement rigorously often introduces moderation overhead and false-positive risk, requiring organisations to weigh stronger trust protection against the cost of slowing legitimate contributions.

  • Coordinated five-star reviews posted from newly created accounts across a short time window to boost a product launch.
  • Networks of low-trust identities leaving similar comments on app stores, marketplaces, or social platforms to suppress negative feedback.
  • Artificial endorsement loops where one controlled account set repeatedly upvotes or confirms another account’s claims, creating the appearance of consensus.
  • Large-scale reputation manipulation campaigns that blend manual posting with automation and proxy rotation to evade pattern-based detection.
  • Fraud investigations that map identity creation velocity, device reuse, and content similarity to separate organic engagement from orchestrated abuse, as discussed in the Ultimate Guide to NHIs.

For governance teams, the practical question is not only whether a review is false, but whether the identity behind it has enough trust context to be considered meaningful. Guidance from NIST Cybersecurity Framework 2.0 helps organisations structure that evaluation across asset, identity, and response workflows.
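The investigation pattern in the last bullet above (identity-creation velocity, device reuse and content similarity) can be expressed as a small scoring routine. The following is an added example, not code from the NHI Mgmt Group glossary; the Review record, the thresholds and the SAMPLE events are constructed assumptions for illustration.

```python
"""Added example, not code from the NHI Mgmt Group glossary: score a batch of
review events for the review-farm indicators named above (identity-creation
velocity, device reuse, content similarity). The Review record, the thresholds
and the SAMPLE events are constructed assumptions for illustration."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from difflib import SequenceMatcher


@dataclass(frozen=True)
class Review:
    account: str        # identity that submitted the review
    created: datetime   # when that identity was created
    posted: datetime    # when the review was submitted
    device: str         # device / browser fingerprint id
    rating: int
    text: str


# Constructed sample: three reviews from one coordinated cluster plus two organic ones.
T0 = datetime(2026, 6, 1, 12, 0)
SAMPLE = [
    Review("acct-a1", T0 - timedelta(hours=1), T0, "dev-X", 5,
           "Great product, works perfectly, highly recommend!"),
    Review("acct-a2", T0 - timedelta(minutes=70), T0 + timedelta(minutes=4), "dev-X", 5,
           "Great product works perfectly highly recommend"),
    Review("acct-a3", T0 - timedelta(minutes=50), T0 + timedelta(minutes=9), "dev-X", 5,
           "Great product! Works perfectly. Highly recommended!"),
    Review("acct-old1", T0 - timedelta(days=400), T0 + timedelta(hours=3), "dev-Y", 3,
           "Decent, but setup took longer than expected."),
    Review("acct-old2", T0 - timedelta(days=90), T0 + timedelta(days=2), "dev-Z", 4,
           "Solid build quality; battery could be better."),
]


def normalise(text: str) -> str:
    """Lower-case, strip punctuation and collapse whitespace so trivial edits do not hide reuse."""
    kept = "".join(c.lower() for c in text if c.isalnum() or c.isspace())
    return " ".join(kept.split())


def similarity(a: str, b: str) -> float:
    """Text similarity in [0, 1] computed on the normalised strings."""
    return SequenceMatcher(None, normalise(a), normalise(b)).ratio()


def score_reviews(reviews, *, young_account=timedelta(hours=24), burst_window=timedelta(minutes=15),
                  burst_min=3, device_reuse_min=3, sim_threshold=0.8):
    """Return {account: [reason, ...]} for every account carrying at least one farm indicator.

    Reasons are prefixed "device:", "velocity:" or "similarity:" so a reviewer can
    see which signal fired; an account hit by several signals is the strongest lead.
    """
    flags = defaultdict(list)

    # Signal 1: device reuse - several distinct accounts behind one fingerprint.
    by_device = defaultdict(set)
    for r in reviews:
        by_device[r.device].add(r.account)
    for device, accounts in by_device.items():
        if len(accounts) >= device_reuse_min:
            for account in accounts:
                flags[account].append(f"device: {device} shared by {len(accounts)} accounts")

    # Signal 2: creation velocity - young accounts posting in a tight burst.
    young = [r for r in reviews if r.posted - r.created <= young_account]
    for r in young:
        peers = {x.account for x in young if abs(x.posted - r.posted) <= burst_window}
        if len(peers) >= burst_min:
            flags[r.account].append(f"velocity: {len(peers)} new accounts posted within {burst_window}")

    # Signal 3: content similarity - near-duplicate text across different accounts.
    for i, a in enumerate(reviews):
        for b in reviews[i + 1:]:
            if a.account != b.account and similarity(a.text, b.text) >= sim_threshold:
                flags[a.account].append(f"similarity: near-duplicate of {b.account}")
                flags[b.account].append(f"similarity: near-duplicate of {a.account}")

    return dict(flags)


if __name__ == "__main__":
    for account, reasons in sorted(score_reviews(SAMPLE).items()):
        print(account)
        for reason in reasons:
            print("   ", reason)
```

Run on the constructed sample, the three young accounts sharing dev-X and posting near-identical text within nine minutes are flagged by all three signals, while the two older accounts with distinct devices and distinct wording produce no flags. In production the thresholds would be tuned against the platform's own baseline, and a single signal should raise a lead for analyst review rather than trigger automatic removal, which is where the false-positive cost mentioned above is controlled.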

Why It Matters in NHI Security

Review farms demonstrate how identity abuse can undermine trust without breaching a traditional perimeter. When fake or low-trust identities are allowed to accumulate, they contaminate signal quality, skew customer decisions, and weaken downstream automation that relies on ratings or endorsements as inputs. That is an NHI problem because the abuse is enabled by account lifecycle gaps, weak fraud controls, and poor visibility into how identities are created and reused.

This is also why the broader NHI posture matters. NHI Mgmt Group notes that only 5.7% of organisations have full visibility into their service accounts in the Ultimate Guide to NHIs, and the same visibility gap often appears in reputation abuse investigations. If defenders cannot reliably see identity provenance, they cannot reliably judge trust. The issue is compounded when manipulative accounts are embedded in otherwise legitimate platforms, where response requires both fraud analysis and identity governance.

Organisations typically notice the operational damage only after rankings, recommendations, or moderation outcomes have already been distorted, at which point review-farm detection is no longer optional.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
NIST CSF 2.0 | DE.CM, RS.AN | Review farms are detected through continuous monitoring and response analysis of anomalous identity behavior.
OWASP Agentic AI Top 10 | | Automated identity abuse mirrors agentic misuse patterns where systems act at scale without trustworthy provenance.
OWASP Non-Human Identity Top 10 | NHI-07 | Review farms rely on weak identity lifecycle controls and abuse of low-trust accounts.

Constrain automation, rate-limit account actions, and verify provenance before allowing reputation-affecting activity.
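The control stated above (verify provenance, rate-limit account actions, and only then allow the action to affect reputation) can be enforced as an admission gate in front of the scoring pipeline. The following is an added example, not code from the NHI Mgmt Group glossary; the Identity record, the thresholds and the specific provenance rules are constructed assumptions that a real deployment would replace with its own risk policy.

```python
"""Added example, not code from the NHI Mgmt Group glossary: an admission gate
for reputation-affecting actions. It checks provenance first, then a per-identity
sliding-window rate limit, and records every rejection for investigators.
The Identity record, thresholds and provenance rules are constructed assumptions."""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Identity:
    account: str
    created: datetime
    verified_contact: bool   # confirmed e-mail / phone (assumed provenance signal)
    device: str              # device / browser fingerprint id


class ReputationGate:
    """Decide whether one review, vote or endorsement may affect a reputation score."""

    def __init__(self, *, min_age=timedelta(days=7), max_actions=3,
                 window=timedelta(hours=24), max_accounts_per_device=2):
        self.min_age = min_age
        self.max_actions = max_actions
        self.window = window
        self.max_accounts_per_device = max_accounts_per_device
        self._admitted = defaultdict(deque)   # account -> timestamps of admitted actions
        self._devices = defaultdict(set)      # device -> accounts seen on it
        self.rejections = []                  # (when, account, reason), kept for investigators

    def admit(self, ident: Identity, now: datetime) -> tuple[bool, str]:
        # Record the device before deciding: a rejected account still counts
        # toward device sharing, so repeated attempts do not bypass the check.
        self._devices[ident.device].add(ident.account)

        reason = self._check_provenance(ident, now) or self._check_rate(ident.account, now)
        if reason:
            self.rejections.append((now, ident.account, reason))
            return False, reason
        self._admitted[ident.account].append(now)
        return True, "admitted"

    def _check_provenance(self, ident: Identity, now: datetime):
        if now - ident.created < self.min_age:
            return "provenance: account younger than minimum age"
        if not ident.verified_contact:
            return "provenance: no verified contact"
        if len(self._devices[ident.device]) > self.max_accounts_per_device:
            return "provenance: device shared by too many accounts"
        return None

    def _check_rate(self, account: str, now: datetime):
        history = self._admitted[account]
        while history and now - history[0] > self.window:   # drop actions outside the window
            history.popleft()
        if len(history) >= self.max_actions:
            return "rate-limit: too many reputation actions in window"
        return None


if __name__ == "__main__":
    gate = ReputationGate()
    now = datetime(2026, 6, 1, 12, 0)
    trusted = Identity("u1", now - timedelta(days=30), True, "dev-1")
    for minute in range(4):   # fourth action in the window is refused
        print(gate.admit(trusted, now + timedelta(minutes=minute)))
    print(gate.admit(Identity("u2", now - timedelta(hours=2), True, "dev-2"), now))
```

Rejections are never silently dropped: the gate keeps them so that the same events feed the detection side, where a burst of young, device-sharing accounts hitting the gate is itself a signal worth investigating.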

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on June 12, 2026.